From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C1A0181EDF for ; Tue, 24 Jan 2017 22:19:33 -0800 (PST) Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga105.jf.intel.com with ESMTP; 24 Jan 2017 22:19:33 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.33,282,1477983600"; d="scan'208";a="57245481" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by fmsmga005.fm.intel.com with ESMTP; 24 Jan 2017 22:19:33 -0800 Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.248.2; Tue, 24 Jan 2017 22:19:32 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.88]) by SHSMSX104.ccr.corp.intel.com ([10.239.4.70]) with mapi id 14.03.0248.002; Wed, 25 Jan 2017 14:19:31 +0800 From: "Gao, Liming" To: "Wu, Hao A" CC: "edk2-devel@ml01.01.org" Thread-Topic: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression result to bigger size Thread-Index: AQHSdhMgmfLWSTmdSESnG8ZYUE3eWqFG3UQAgADzkoCAAOKFQP//f6YAgACGxSA= Date: Wed, 25 Jan 2017 06:19:30 +0000 Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14D6D49E7@shsmsx102.ccr.corp.intel.com> References: <1485242740-10244-1-git-send-email-hao.a.wu@intel.com> <1485242740-10244-2-git-send-email-hao.a.wu@intel.com> <04973bde-e5f1-42fc-fa73-f74aac9d5553@redhat.com> <4A89E2EF3DFEDB4C8BFDE51014F606A14D6D4945@shsmsx102.ccr.corp.intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH v2 1/1] MdePkg: Refine casting expression result to bigger size X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jan 2017 06:19:33 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Got it. Thanks for your clarification.=20 >-----Original Message----- >From: Wu, Hao A >Sent: Wednesday, January 25, 2017 2:17 PM >To: Gao, Liming >Cc: edk2-devel@ml01.01.org >Subject: RE: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression resul= t >to bigger size > >> -----Original Message----- >> From: Gao, Liming >> Sent: Wednesday, January 25, 2017 1:58 PM >> To: Wu, Hao A; Laszlo Ersek >> Cc: edk2-devel@ml01.01.org >> Subject: RE: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression res= ult >to >> bigger size >> >> Hao: >> For PCILIB_TO_COMMON_ADDRESS, we can't assume its usage in the >> consumer code. There may be some usage in other projects. So, I suggest = to >> provide the safe fix. >> > >Hi Liming, > >The definition "PCILIB_TO_COMMON_ADDRESS" is defined in >MdePkg/Library/BaseS3PciLib/S3PciLib.c. It will not be consumed outside. > >Best Regards, >Hao Wu > >> Thanks >> Liming >> >-----Original Message----- >> >From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of >Wu, >> >Hao A >> >Sent: Wednesday, January 25, 2017 8:26 AM >> >To: Laszlo Ersek >> >Cc: edk2-devel@ml01.01.org >> >Subject: Re: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression >result >> >to bigger size >> > >> >> -----Original Message----- >> >> From: Laszlo Ersek [mailto:lersek@redhat.com] >> >> Sent: Tuesday, January 24, 2017 5:54 PM >> >> To: Wu, Hao A >> >> Cc: edk2-devel@ml01.01.org >> >> Subject: Re: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression >result >> >to >> >> bigger size >> >> >> >> On 01/24/17 08:25, Hao Wu wrote: >> >> > There are cases that the operands of an expression are all with ran= k >less >> >> > than UINT64/INT64 and the result of the expression is explicitly ca= sted >to >> >> > UINT64/INT64 to fit the target size. >> >> > >> >> > An example will be: >> >> > UINT32 a,b; >> >> > // a and b can be any unsigned int type with rank less than UINT64,= like >> >> > // UINT8, UINT16, etc. >> >> > UINT64 c; >> >> > c =3D (UINT64) (a + b); >> >> > >> >> > Some static code checkers may warn that the expression result might >> >> > overflow within the rank of "int" (integer promotions) and the resu= lt is >> >> > then cast to a bigger size. >> >> > >> >> > The commit refines codes by the following rules: >> >> > 1). When the expression will not overflow within the rank of "int", >remove >> >> > the explicit type casts: >> >> > c =3D a + b; >> >> > >> >> > 2). When the expression is possible to overflow the range of unsign= ed >int/ >> >> > int: >> >> > c =3D (UINT64)a + b; >> >> > >> >> > Contributed-under: TianoCore Contribution Agreement 1.0 >> >> > Signed-off-by: Hao Wu >> >> > --- >> >> > MdePkg/Library/BaseLib/String.c | 4 = ++-- >> >> > MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 12 = +++++----- >-- >> >> > MdePkg/Library/BaseS3PciLib/S3PciLib.c | 4 = ++-- >> >> > MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c | >4 >> >++-- >> >> > MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c | 4 >> >++-- >> >> > 5 files changed, 13 insertions(+), 15 deletions(-) >> >> > >> >> > diff --git a/MdePkg/Library/BaseLib/String.c >> >> b/MdePkg/Library/BaseLib/String.c >> >> > index e84bf50..4151e0e 100644 >> >> > --- a/MdePkg/Library/BaseLib/String.c >> >> > +++ b/MdePkg/Library/BaseLib/String.c >> >> > @@ -586,7 +586,7 @@ InternalHexCharToUintn ( >> >> > return Char - L'0'; >> >> > } >> >> > >> >> > - return (UINTN) (10 + InternalCharToUpper (Char) - L'A'); >> >> > + return (10 + InternalCharToUpper (Char) - L'A'); >> >> > } >> >> > >> >> > /** >> >> > @@ -1211,7 +1211,7 @@ InternalAsciiHexCharToUintn ( >> >> > return Char - '0'; >> >> > } >> >> > >> >> > - return (UINTN) (10 + InternalBaseLibAsciiToUpper (Char) - 'A'); >> >> > + return (10 + InternalBaseLibAsciiToUpper (Char) - 'A'); >> >> > } >> >> > >> >> > >> >> > diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c >> >> b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c >> >> > index 33cad23..8d1daba 100644 >> >> > --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c >> >> > +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c >> >> > @@ -15,7 +15,7 @@ >> >> > PeCoffLoaderGetPeHeader() routine will do basic check for PE/COF= F >> >header. >> >> > PeCoffLoaderGetImageInfo() routine will do basic check for whole >> >PE/COFF >> >> image. >> >> > >> >> > - Copyright (c) 2006 - 2014, Intel Corporation. All rights reserve= d.
>> >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserve= d.
>> >> > Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserv= ed.
>> >> > This program and the accompanying materials >> >> > are licensed and made available under the terms and conditions o= f >the >> >BSD >> >> License >> >> > @@ -703,12 +703,10 @@ PeCoffLoaderGetImageInfo ( >> >> > // >> >> > DebugDirectoryEntryFileOffset =3D 0; >> >> > >> >> > - SectionHeaderOffset =3D (UINTN)( >> >> > - ImageContext->PeCoffHeaderOffset + >> >> > - sizeof (UINT32) + >> >> > - sizeof (EFI_IMAGE_FILE_HEADER) + >> >> > - Hdr.Pe32->FileHeader.SizeOfOptional= Header >> >> > - ); >> >> > + SectionHeaderOffset =3D ImageContext->PeCoffHeaderOffset + >> >> > + sizeof (UINT32) + >> >> > + sizeof (EFI_IMAGE_FILE_HEADER) + >> >> > + Hdr.Pe32->FileHeader.SizeOfOptionalHea= der; >> >> > >> >> > for (Index =3D 0; Index < Hdr.Pe32->FileHeader.NumberOfSecti= ons; >> >Index++) >> >> { >> >> > // >> >> > diff --git a/MdePkg/Library/BaseS3PciLib/S3PciLib.c >> >> b/MdePkg/Library/BaseS3PciLib/S3PciLib.c >> >> > index e29f7fe..27342b0 100644 >> >> > --- a/MdePkg/Library/BaseS3PciLib/S3PciLib.c >> >> > +++ b/MdePkg/Library/BaseS3PciLib/S3PciLib.c >> >> > @@ -3,7 +3,7 @@ >> >> > the PCI operations to be replayed during an S3 resume. This libr= ary >class >> >> > maps directly on top of the PciLib class. >> >> > >> >> > - Copyright (c) 2006 - 2012, Intel Corporation. All rights reserve= d.
>> >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserve= d.
>> >> > >> >> > This program and the accompanying materials >> >> > are licensed and made available under the terms and conditions >> >> > @@ -25,7 +25,7 @@ >> >> > #include >> >> > >> >> > #define PCILIB_TO_COMMON_ADDRESS(Address) \ >> >> > - ((UINT64) ((((UINTN) ((Address>>20) & 0xff)) << 24) + (((U= INTN) >> >> ((Address>>15) & 0x1f)) << 16) + (((UINTN) ((Address>>12) & 0x07)) <<= 8) >+ >> >> ((UINTN) (Address & 0xfff )))) >> >> > + ((((UINTN) ((Address>>20) & 0xff)) << 24) + (((UINTN) >> >((Address>>15) & >> >> 0x1f)) << 16) + (((UINTN) ((Address>>12) & 0x07)) << 8) + ((UINTN) >> >(Address & >> >> 0xfff ))) >> >> > >> >> > /** >> >> > Saves a PCI configuration value to the boot script. >> >> >> >> I think this change is potentially unsafe, without auditing all uses = of >> >> PCILIB_TO_COMMON_ADDRESS(). In a 32-bit build, the type of the result >> >> will no longer be UINT64 but UINT32, and that can cause problems in >> >> several contexts. For example: >> >> >> >> - as an operand to the sizeof operator >> >> - when it's being relied upon to cause conversion to UINT64, for exam= ple >> >> another (UINT32) operand could be added to it >> >> - when it is passed through a variable argument list >> >> >> >> It might be safe, but there's no way to tell without auditing all the >> >> call sites. So let me see... >> >> >> >> Apparently this macro is only passed to S3BootScriptSavePciCfgWrite()= as >> >> second argument, within the same file, and that argument is covered b= y >> >> the function prototype explicitly, with type UINT64. So the change >> >> should be safe. >> >> >> > >> >Thanks for the checking. I did search the whole edk2 repository for the >> >reference of "PCILIB_TO_COMMON_ADDRESS" and it is only comsumed >by >> >the >> >function you mentioned. >> > >> >> (I see the same macro definition and kind of invocation in >> >> "QuarkPlatformPkg/Acpi/DxeSmm/AcpiSmm/AcpiSmmPlatform.c"; I >didn't >> >try >> >> to audit that file.) >> >> >> >> The rest looks okay too. >> >> >> >> Reviewed-by: Laszlo Ersek >> >> >> > >> >Many thanks for the feedbacks and the effort for reviewing the patch. >> > >> >> (If you go ahead and submit a 30-part series that does this kind of >> >> fixup all over the tree, please don't expect me to review it all -- I= 'm >> >> okay reviewing OvmfPkg and ArmVirtPkg changes, but I can't take on th= e >> >> rest. This kind of patch cannot be reviewed without consulting a real= ly >> >> wide context.) >> >> >> > >> >I am thinking if the package level patch contains too many changes, I >> >might break it into multiple module-level patches and include module >> >owners/experts to help reviewing them. >> > >> >Best Regards, >> >Hao Wu >> > >> >> Thanks >> >> Laszlo >> >> >> >> >> >> > diff --git >> >> a/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c >> >> b/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c >> >> > index 937165a..592cced 100644 >> >> > --- >a/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c >> >> > +++ >b/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c >> >> > @@ -12,7 +12,7 @@ >> >> > allocation for the Reserved memory types are not supported and w= ill >> >> always >> >> > return NULL. >> >> > >> >> > - Copyright (c) 2006 - 2015, Intel Corporation. All rights reserve= d.
>> >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserve= d.
>> >> > This program and the accompanying materials >> >> > are licensed and made available under the terms and conditions o= f >the >> >BSD >> >> License >> >> > which accompanies this distribution. The full text of the licen= se may >be >> >> found at >> >> > @@ -343,7 +343,7 @@ InternalAllocateAlignedPages ( >> >> > Status =3D gSmst->SmmFreePages (Memory, UnalignedPages); >> >> > ASSERT_EFI_ERROR (Status); >> >> > } >> >> > - Memory =3D (EFI_PHYSICAL_ADDRESS) (AlignedMemory + >> >> EFI_PAGES_TO_SIZE (Pages)); >> >> > + Memory =3D AlignedMemory + EFI_PAGES_TO_SIZE (Pages); >> >> > UnalignedPages =3D RealPages - Pages - UnalignedPages; >> >> > if (UnalignedPages > 0) { >> >> > // >> >> > diff --git >> >a/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c >> >> b/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c >> >> > index 3da5e211..3bd3aef 100644 >> >> > --- >a/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c >> >> > +++ >b/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c >> >> > @@ -2,7 +2,7 @@ >> >> > Support routines for memory allocation routines based >> >> > on boot services for Dxe phase drivers. >> >> > >> >> > - Copyright (c) 2006 - 2015, Intel Corporation. All rights reserve= d.
>> >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserve= d.
>> >> > This program and the accompanying materials >> >> > are licensed and made available under the terms and conditions o= f >the >> >BSD >> >> License >> >> > which accompanies this distribution. The full text of the licen= se may >be >> >> found at >> >> > @@ -216,7 +216,7 @@ InternalAllocateAlignedPages ( >> >> > Status =3D gBS->FreePages (Memory, UnalignedPages); >> >> > ASSERT_EFI_ERROR (Status); >> >> > } >> >> > - Memory =3D (EFI_PHYSICAL_ADDRESS) (AlignedMemory + >> >> EFI_PAGES_TO_SIZE (Pages)); >> >> > + Memory =3D AlignedMemory + EFI_PAGES_TO_SIZE (Pages); >> >> > UnalignedPages =3D RealPages - Pages - UnalignedPages; >> >> > if (UnalignedPages > 0) { >> >> > // >> >> > >> > >> >_______________________________________________ >> >edk2-devel mailing list >> >edk2-devel@lists.01.org >> >https://lists.01.org/mailman/listinfo/edk2-devel